Lighttpd Chroot Jail Installation Script
Written by Christian Foronda   
Friday, 19 February 2010 09:53

This script will do the following:

  • Install Lighttpd
  • Install PHP5 and dependencies
  • Prepare FastCGI PHP and MySQL for use inside the jail
  • Add Perl support to the jail
  • Add PHP5 support to the jail
  • Copy any existing web data to the jail
#! /bin/bash +x

# Build jail at /webchroot location.
# Default document root : /webchroot/srv/www
# Port : 80
# IP: Your Public IP address
# Virtual domain1: /home/lighttpd/vdomain1.com/
# Virtual domain1 access log file: /var/log/lighttpd/vdomain1.com/
# Default access log file: /webchroot/var/log/lighttpd/access.log
# Default error log file: /webchroot/var/log/lighttpd/error.log
# Default php error log file: /webchroot/var/log/lighttpd/php.log

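# Directory the script was started from. Nothing below reads CWD; it is kept
# because it is a top-level variable of the script.
CWD=$(pwd)
mkdir="/bin/mkdir"
# Root of the chroot jail; every path created below lives under it.
dir='/webchroot'

# The script installs packages and writes under /sbin, /etc and $dir, so it
# has to run as root.
if [ "$UID" -ne 0 ]; then
  echo " Ooops... You're not root? I must quit. Sorry."
  exit 1
fi

# Advisory only: a missing /etc/redhat-release prints a warning but does not
# stop the run.
if [ ! -f "/etc/redhat-release" ]; then
  echo " WARNING! This script is only for CentOS 5.3 x64 Linux"
fi

# Refuse to build the jail while the server is running. Match on the exact
# process name: a `ps ax | grep ' lighttpd '` test misses a daemon listed as
# "/usr/sbin/lighttpd -f ...", because no space precedes the name there.
if pgrep -x lighttpd > /dev/null; then
  echo " Lighty is currently running. Please stop lighttpd."
  exit 1
fi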

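echo " Installing related packages..."
# Optional third-party repository, left disabled. If you enable it, fetch the
# release package over HTTPS and verify its GPG signature before installing;
# the URL below is plain HTTP.
#rpm -ivh http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
yum -y install php php-pear php-common php-pdo php-ldap php-gd php-cli php-mysql lighttpd lighttpd-fastcgi

# The steps that follow chown to the lighttpd account and copy
# /usr/sbin/lighttpd*, so confirm both exist instead of relying on yum's exit
# status, which may not reflect a skipped package.
if ! id lighttpd > /dev/null 2>&1 || [ ! -x /usr/sbin/lighttpd ]; then
  echo " lighttpd does not appear to be installed. Aborting."
  exit 1
fi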

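echo " Creating directory tree..."
# Skeleton of the jail. Stop here if it cannot be created: every later step
# writes below these directories.
"$mkdir" -p \
  "$dir/etc" \
  "$dir/tmp" \
  "$dir/usr/tmp" \
  "$dir/usr/sbin" \
  "$dir/srv/www" \
  "$dir/var/run/lighttpd" \
  "$dir/var/log/lighttpd" \
  "$dir/var/lock/subsys" \
  "$dir/var/lib/php/session" \
  "$dir/usr/bin" || exit 1

# World-writable with the sticky bit, like a normal /tmp.
chmod 1777 "$dir/tmp"

# owner:group with a colon; the dotted form is a deprecated spelling.
chown lighttpd:lighttpd "$dir/var/run/lighttpd"
chown lighttpd:lighttpd "$dir/var/log/lighttpd"
# NOTE(review): this makes the whole document root writable by the server
# account, so code running as lighttpd can modify site content. Consider
# leaving content root-owned and granting write access only to the
# directories that need it.
chown -R lighttpd:lighttpd "$dir/srv/"

# PHP session files: group lighttpd, no access for others.
chgrp lighttpd "$dir/var/lib/php/session"
chmod 770 "$dir/var/lib/php/session"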

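echo " Installing chroot script..."

# Host-side helper that copies a binary's shared libraries into the jail.
l2chroot=/sbin/l2chroot

# The delimiter is quoted, so the body below is written out literally; no
# variable of this installer is expanded inside it.
cat > "$l2chroot" <<'EOF'
#!/bin/bash
# See url for usage:
# http://www.cyberciti.biz/tips/howto-setup-lighttpd-php-mysql-chrooted-jail.html
# -------------------------------------------------------------------------------
# Copies the shared libraries that the given file links against, and the
# dynamic loader, to the same absolute paths under $BASE.
#
# ldd can execute code from the file it inspects, so run this only against
# binaries you trust (for example, ones installed from signed packages).
#
# Set CHROOT directory name
BASE="/webchroot"

if [ $# -eq 0 ]; then
  echo " Syntax : $0 /path/to/executable"
  echo " Example: $0 /usr/bin/php5-cgi"
  exit 1
fi

# Create the jail root when the directory is missing.
[ -d "$BASE" ] || mkdir -p "$BASE"

echo " Copying shared files/libs to $BASE..."
# Third column of "name => /path (addr)" lines. Keeping only absolute paths
# skips "not found" entries and lines with no resolved path. The ld-linux*
# loader line has no "=>" column and is handled separately below.
ldd "$1" | awk '$3 ~ /^\// { print $3 }' | while IFS= read -r i
do
  d="$(dirname "$i")"
  [ -d "$BASE$d" ] || mkdir -p "$BASE$d"
  /bin/cp "$i" "$BASE$d"
done

# copy /lib/ld-linux* or /lib64/ld-linux* to $BASE/$sldlsubdir
# get ld-linux full file location
sldl="$(ldd "$1" | grep 'ld-linux' | awk '{ print $1 }')"

# Nothing to copy when ldd reported no loader line.
if [ -n "$sldl" ] && [ ! -f "$BASE$sldl" ]; then
  # now get sub-dir
  sldlsubdir="$(dirname "$sldl")"
  [ -d "$BASE$sldlsubdir" ] || mkdir -p "$BASE$sldlsubdir"
  echo " Copying $sldl $BASE$sldlsubdir..."
  /bin/cp "$sldl" "$BASE$sldlsubdir"
fi

exit
EOF

if [ -f "$l2chroot" ]; then
  # Make the generated file executable.
  chmod 755 "$l2chroot"
else
  # Every later step calls the helper, so there is no point in continuing.
  echo " Problem in creating file: \"$l2chroot\""
  exit 1
fi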

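# cp treats a missing destination as the new name for the copy, so
# "cp -ar /usr/lib64/lighttpd $dir/usr/lib64" on a fresh jail would create
# usr/lib64 as a copy of the lighttpd directory instead of placing the
# directory inside it (likewise usr/share for mysql). Create both first.
"$mkdir" -p "$dir/usr/lib64" "$dir/usr/share"

# The helper is called through "$l2chroot" (its absolute path) so that a
# root-run script does not depend on PATH to find it.

echo " Configuring php support..."
cp -a /usr/bin/php* "$dir/usr/bin"
cp -a /usr/sbin/lighttpd* "$dir/usr/sbin"
cp -ar /usr/lib64/lighttpd "$dir/usr/lib64"
"$l2chroot" /usr/bin/php-cgi
"$l2chroot" /usr/bin/php

echo " Configuring perl support..."
cp -a /usr/bin/perl "$dir/usr/bin"
"$l2chroot" /usr/bin/perl

echo " Configuring mysql support..."
# NOTE(review): PHP's mysql extension links against the client library and
# does not need the command-line clients. Each extra binary in the jail is
# available to anything that gains code execution there, so copy mysql*
# (and perl above) only if the sites actually use them.
cp -a /usr/bin/mysql* "$dir/usr/bin"
cp -ar /usr/lib64/mysql "$dir/usr/lib64"
cp -ar /usr/share/mysql "$dir/usr/share"
"$l2chroot" /usr/bin/mysql
"$l2chroot" /usr/lib64/php/modules/mysql.so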

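echo " Copying required files..."
# Name resolution, time zone and dynamic-linker configuration for processes
# running inside the jail.
cp -a /etc/hosts "$dir/etc/"
cp -a /etc/nsswitch.conf "$dir/etc/"
cp -a /etc/resolv.conf "$dir/etc/"
cp -a /etc/localtime "$dir/etc/"
cp -ar /etc/ld* "$dir/etc/"

# This edits the host's /etc/php.ini, not only the jail copy, so it applies
# to every PHP process on the machine. Append the line only when it is not
# already present; otherwise each run of the script adds another copy.
if ! grep -qx 'cgi.fix_pathinfo=1' /etc/php.ini 2> /dev/null; then
  echo cgi.fix_pathinfo=1 >> /etc/php.ini
fi
cp -a /etc/php.ini "$dir/etc/"
cp -ar /etc/php.d "$dir/etc/"

mkdir -p "$dir/usr/share/"
cp -ar /usr/share/zoneinfo "$dir/usr/share/"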

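echo " Creating passwd..."

passwd=$dir/etc/passwd

# Ownership set with chown by name is stored as numbers, so the jail's
# passwd/group must map "lighttpd" to the same uid/gid the host uses. Read
# them from the host and fall back to 101, the value this script hard-coded,
# when the lookup fails.
lighttpd_uid=$(id -u lighttpd 2> /dev/null) || lighttpd_uid=101
lighttpd_gid=$(id -g lighttpd 2> /dev/null) || lighttpd_gid=101

# Minimal passwd for the jail. Password fields are "x" and no shadow file is
# written, so the jail holds no password hashes.
cat > "$passwd" <<EOF
root:x:0:0:root:/root:/bin/bash
lighttpd:x:${lighttpd_uid}:${lighttpd_gid}:lighttpd web server:/srv/www:/sbin/nologin
EOF

echo " Creating group..."

group=$dir/etc/group
# Minimal group file matching the passwd entries above.
cat > "$group" <<EOF
root:x:0:root
lighttpd:x:${lighttpd_gid}:
EOF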

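echo " Copying php modules..."
cp -ar /usr/lib64/php "$dir/usr/lib64/"

# Stop if the modules directory is missing; otherwise the loop below would
# run against whatever directory the script happens to be in.
if ! cd "$dir/usr/lib64/php/modules"; then
  echo " Cannot enter $dir/usr/lib64/php/modules"
  exit 1
fi

# Pull in the shared libraries each PHP extension links against.
for l in *.so; do
  # With no match the pattern stays literal; skip it.
  [ -e "$l" ] || continue
  # "$l2chroot" is the helper's absolute path; "./" keeps a file name that
  # starts with "-" from being read as an option.
  "$l2chroot" "./$l"
done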

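echo " Copying existing websites..."
# cp -a keeps owner and mode from the source, so the recursive chown applied
# to $dir/srv when the tree was created does not cover these files.
cp -ar /srv/www/* "$dir/srv/www"

# Closing instructions. The quotes around the path are escaped so they are
# printed: lighttpd.conf needs the value as a quoted string.
# NOTE(review): a chroot only contains a process that has given up root;
# check that the configuration also sets server.username and
# server.groupname, and that paths in it are written relative to the jail.
echo " Last things to do."
echo " edit /etc/lighttpd/lighttpd.conf"
echo " change server.chroot = \"$dir\""
echo " restart lighttpd after you edit the conf."
echo " Now it's done."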



Last Updated on Friday, 19 February 2010 09:57